shadow/repos/core-x86_64/0003-Add-Arch-Linux-defaults-for-login.defs.patch

   1 From 8c2a5c7d695fc6066c92b102d26853f25e0bedb8 Mon Sep 17 00:00:00 2001
   2 From: David Runge <dvzrv@archlinux.org>
   3 Date: Mon, 31 Oct 2022 10:10:22 +0100
   4 Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
   5
   6 etc/login.defs:
   7 Change ENV_SUPATH and ENV_SUPATH to only use
   8 /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
   9 and bin merge distribution.
  10 Change UMASK to 077 as it is considered a more privacy conserving
  11 default than 022.
  12 Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
  13 distribution added UIDs and GIDs.
  14 Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
  15 DES.
  16 ---
  17  etc/login.defs | 12 ++++++------
  18  1 file changed, 6 insertions(+), 6 deletions(-)
  19
  20 diff --git a/etc/login.defs b/etc/login.defs
  21 index 7c633a57..ea841257 100644
  22 --- a/etc/login.defs
  23 +++ b/etc/login.defs
  24 @@ -55,8 +55,8 @@ HUSHLOGIN_FILE        .hushlogin
  25  # *REQUIRED*  The default PATH settings, for superuser and normal users.
  26  #
  27  # (they are minimal, add the rest in the shell startup files)
  28 -ENV_SUPATH     PATH=/sbin:/bin:/usr/sbin:/usr/bin
  29 -ENV_PATH       PATH=/bin:/usr/bin
  30 +ENV_SUPATH     PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
  31 +ENV_PATH       PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
  32
  33  #
  34  # Terminal permissions
  35 @@ -79,7 +79,7 @@ TTYPERM               0600
  36  # 022 is the default value, but 027, or even 077, could be considered
  37  # for increased privacy. There is no One True Answer here: each sysadmin
  38  # must make up their mind.
  39 -UMASK          022
  40 +UMASK          077
  41
  42  # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
  43  # home directories.
  44 @@ -103,7 +103,7 @@ PASS_WARN_AGE       7
  45  UID_MIN                         1000
  46  UID_MAX                        60000
  47  # System accounts
  48 -SYS_UID_MIN              101
  49 +SYS_UID_MIN              500
  50  SYS_UID_MAX              999
  51  # Extra per user uids
  52  SUB_UID_MIN               100000
  53 @@ -116,7 +116,7 @@ SUB_UID_COUNT                   65536
  54  GID_MIN                         1000
  55  GID_MAX                        60000
  56  # System accounts
  57 -SYS_GID_MIN              101
  58 +SYS_GID_MIN              500
  59  SYS_GID_MAX              999
  60  # Extra per user group ids
  61  SUB_GID_MIN               100000
  62 @@ -153,7 +153,7 @@ CHFN_RESTRICT               rwh
  63  # Note: If you use PAM, it is recommended to use a value consistent with
  64  # the PAM modules configuration.
  65  #
  66 -#ENCRYPT_METHOD DES
  67 +ENCRYPT_METHOD SHA512
  68
  69  #
  70  # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
  71 --
  72 2.39.0
  73